Network Working Group R. Gellens
Request for Comments: 5383 Qualcomm
BCP: 143 October 2008
Category: Best Current Practice
Deployment Considerations for Lemonade-Compliant Mobile Email
Status of This Memo
This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for
improvements. Distribution of this memo is unlimited.
Abstract
This document discusses deployment issues and describes requirements
for successful deployment of mobile email that are implicit in the
IETF lemonade documents.
Table of Contents
1. Introduction
2. Conventions Used in This Document
3. Ports
4. TCP Connections
   4.1. Lifetime
   4.2. Maintenance during Temporary Transport Loss
5. Dormancy
6. Firewalls
   6.1. Firewall Traversal
7. NATs
8. Security Considerations
9. Acknowledgments
10. Normative References
11. Informative References
Gellens Best Current Practice [Page 1]
RFC 5383 Lemonade Deployment Considerations October 2008
1. Introduction
The IETF lemonade group has developed a set of extensions to IMAP and
Message Submission, along with a profile document that restricts
server behavior and describes client usage [PROFILE].
Successful deployment of lemonade-compliant mobile email requires
various functionality that is generally assumed and hence not often
covered in email RFCs. This document describes some of these
additional considerations, with a focus on those that have been
reported to be problematic.
2. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [KEYWORDS].
3. Ports
Both IMAP and Message Submission have been assigned well-known ports
[IANA] that MUST be available. IMAP uses port 143. Message
Submission uses port 587. It is REQUIRED that the client be able to
contact the server on these ports. Hence, the client and server
systems, as well as any intermediary systems, MUST allow
communication on these ports.
Historically, Message User Agents (MUAs) have used port 25 for
Message Submission, and [SUBMISSION] does accommodate this. However,
it has become increasingly common for ISPs and organizations to
restrict outbound port 25. Additionally, hotels and other public
accommodations sometimes intercept port 25 connections, regardless of
the destination host, resulting in users unexpectedly submitting
potentially sensitive communications to unknown and untrusted third-
party servers. Typically, users are not aware of such interception.
(Such interception violates [FIREWALLS] and has many negative
consequences.)
Due to endemic security vulnerabilities in widely deployed SMTP
servers, organizations often employ application-level firewalls that
intercept SMTP and permit only a limited subset of the protocol. New
extensions are therefore more difficult to deploy on port 25. Since
lemonade requires support for several [SUBMISSION] extensions, it is
extremely important that lemonade clients use, and lemonade servers
listen on, port 587 by default.
In addition to communications between the client and server systems,
lemonade requires that the Message Submission server be able to
establish a TCP connection to the IMAP server (for forward-without-
download). This uses port 143 by default.
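The following is an added example, not part of the RFC: a small audit that checks a packet-filter ruleset against the three flows this section requires (client to IMAP on 143, client to Message Submission on 587, and Message Submission server to IMAP server on 143). The first-match rule model, the Rule/Flow types, and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Hypothetical rule model: first matching rule wins; port None matches any port.
Rule = namedtuple("Rule", "action src dst port")
Flow = namedtuple("Flow", "name src dst port")

# Constructed addresses (documentation ranges); not taken from the RFC.
CLIENTS = "198.51.100.0/24"
IMAP_SERVER = "192.0.2.10"
SUBMIT_SERVER = "192.0.2.20"

# The three flows Section 3 requires to be permitted end to end.
REQUIRED_FLOWS = [
    Flow("client -> IMAP", "198.51.100.7", IMAP_SERVER, 143),
    Flow("client -> Submission", "198.51.100.7", SUBMIT_SERVER, 587),
    Flow("Submission -> IMAP (forward-without-download)",
         SUBMIT_SERVER, IMAP_SERVER, 143),
]

def decide(rules, flow, default="deny"):
    """Return the action of the first rule that matches the flow."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    for r in rules:
        if (src in ipaddress.ip_network(r.src)
                and dst in ipaddress.ip_network(r.dst)
                and r.port in (None, flow.port)):
            return r.action
    return default

def blocked_flows(rules, flows=REQUIRED_FLOWS):
    """Names of required flows the ruleset does not allow."""
    return [f.name for f in flows if decide(rules, f) != "allow"]

# Constructed ruleset: restricts outbound port 25 and opens client access,
# but omits the server-to-server flow needed for forward-without-download.
SAMPLE_RULES = [
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", 25),
    Rule("allow", CLIENTS, IMAP_SERVER + "/32", 143),
    Rule("allow", CLIENTS, SUBMIT_SERVER + "/32", 587),
]

if __name__ == "__main__":
    for name in blocked_flows(SAMPLE_RULES):
        print("blocked:", name)
```

Run against the constructed ruleset, the audit reports only the Submission-to-IMAP flow as blocked, the requirement that is easiest to miss because it involves no client system.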
Messaging clients sometimes use protocols to store, retrieve, and
update configuration and preference data. Functionality such as